Paper 2021/930
Darlin: Recursive Proofs using Marlin
Ulrich Haböck, Alberto Garoffolo, and Daniele Di Benedetto
Abstract
This document describes Darlin, a succinct zero-knowledge argument of knowledge based on the Marlin SNARK (Chiesa et al., Eurocrypt 2020) and the "dlog" polynomial commitment scheme from Bootle et al. (Eurocrypt 2016). Darlin addresses recursive proofs by integrating the amortization technique from Halo (IACR ePrint 2019/099) for the non-succinct parts of the dlog verifier, and we adapt their strategy for bivariate circuit encoding polynomials to aggregate Marlin's inner sumchecks across the nodes of the recursive scheme. We estimate the performance impact of inner sumcheck aggregation at about 30% in a tree-like scheme of in-degree 2, and beyond when applied to linear recursion.
Note: Additional appendix on domain extension/segmentation of linear polynomial commitment schemes. A more complete explanation of our benchmarks.
Metadata
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- R1CS, SNARKs, recursive proofs, aggregation schemes
- Contact author(s)
- ulrich @ horizenlabs io, alberto @ horizenlabs io, daniele @ horizenlabs io
- History
- 2021-10-01: last of 3 revisions
- 2021-07-09: received
- Short URL
- https://ia.cr/2021/930
- License
- CC BY
BibTeX
@misc{cryptoeprint:2021/930,
  author = {Ulrich Haböck and Alberto Garoffolo and Daniele Di Benedetto},
  title = {Darlin: Recursive Proofs using Marlin},
  howpublished = {Cryptology {ePrint} Archive, Paper 2021/930},
  year = {2021},
  url = {https://eprint.iacr.org/2021/930}
}